Figure Technology Solutions data leaked after SSO breach
Financial services firm Figure Technology Solutions suffered a data breach after a compromise of its Okta single sign-on (SSO) system. The hacking group ShinyHunters reportedly leaked 1.7GB of sensitive customer data, including names, addresses, and dates of birth, after the company refused to pay a ransom. The incident highlights the security risks associated with misconfigured cloud-based identity systems.
- The hacking group ShinyHunters has been linked to numerous high-profile data breaches since 2020, including incidents involving AT&T, Microsoft, Santander, and Ticketmaster. The group often exfiltrates data and demands a ransom, leaking the data if the company refuses to pay.
- Okta, the identity provider at the center of the breach, has experienced several security incidents in recent years; in October 2023, attackers accessed its customer support system to view files uploaded by clients, affecting all customers. In 2022, the Lapsus$ group also breached Okta's internal systems, leading to an 11% stock price decline and a subsequent $60 million settlement with shareholders.
- The financial services industry is the most attacked sector, accounting for 27% of all data breaches in 2023. The average cost of a data breach in the financial sector rose to $6.08 million in 2024.
- Attackers targeting Okta SSO credentials often use social engineering and "vishing" (voice phishing) to trick employees into providing access or MFA codes in real time. These campaigns have been actively used by groups like ShinyHunters to compromise corporate accounts.
- ShinyHunters has also been implicated in breaches involving other modern data stack components, notably a large-scale attack on Snowflake customer accounts where they exploited insecure configurations and stolen credentials.
- The compromise of a third-party supplier, such as an SSO provider, is a common attack vector known as a supply chain compromise. This method accounts for approximately 15% of breaches in the financial industry.
- The initial vector for the October 2023 Okta breach was a compromised employee credential stored in their personal Google account on a work laptop, allowing hackers to pivot into Okta's support system.
- In response to past incidents, Okta has implemented security enhancements such as binding user sessions to their original IP address to prevent session token replay by attackers.
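The last point, session binding to the client IP observed at login, is a control any application can apply to its own sessions. The following is an added illustrative model of that check, not Okta's code and not from the original article; the session store, token format, and the constructed IP addresses (from the documentation range 203.0.113.0/24) are assumptions for the example.

```python
import secrets
import time


class SessionStore:
    """In-memory session store that binds each session token to the IP it was
    issued to. Presenting a valid token from a different IP is treated as
    possible token replay: the session is revoked and the reason is returned
    so it can be logged for detection."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._sessions = {}  # token -> {"user", "ip", "expires"}

    def create(self, user, client_ip, now=None):
        # Issue an unguessable token and record the originating IP.
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {
            "user": user,
            "ip": client_ip,
            "expires": now + self.ttl,
        }
        return token

    def validate(self, token, client_ip, now=None):
        """Return (True, user) on success, or (False, reason) on failure.
        Failure reasons: unknown_token, expired, ip_mismatch_revoked."""
        now = time.time() if now is None else now
        sess = self._sessions.get(token)
        if sess is None:
            return False, "unknown_token"
        if now >= sess["expires"]:
            del self._sessions[token]
            return False, "expired"
        if sess["ip"] != client_ip:
            # A replayed token arrives from the attacker's network, not the
            # victim's. Revoke so the stolen token cannot be retried.
            del self._sessions[token]
            return False, "ip_mismatch_revoked"
        return True, sess["user"]


if __name__ == "__main__":
    store = SessionStore(ttl_seconds=60)
    tok = store.create("alice", "203.0.113.10")  # constructed login
    print(store.validate(tok, "203.0.113.10"))   # (True, 'alice')
    print(store.validate(tok, "203.0.113.99"))   # (False, 'ip_mismatch_revoked')
    print(store.validate(tok, "203.0.113.10"))   # (False, 'unknown_token')
```

Strict IP binding also rejects legitimate users whose address changes mid-session (mobile handoffs, carrier-grade NAT), so deployments typically pair it with re-authentication rather than a silent failure, and alert on the ip_mismatch_revoked events.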